Synopsis
fcli fod sast-scan setup [--include-third-party-libs] [--oss] [--skip-if-exists] [--use-aviator] [--use-source-control] --assessment-type=<assessmentType> --audit-preference=<auditPreferenceType> [--delim=<delimiter>] [--entitlement-id=<entitlementId>] --frequency=<entitlementFrequencyType> [--language-level=<languageLevel>] [--progress=<type>] --rel=id|app[:ms]:rel [--technology-stack=<technologyStack>] [[-h] [--env-prefix=<prefix>] [--log-file=<logFile>] [--log-level=<logLevel>] [--log-mask=<level>] [--debug]] [[--fod-session=<sessionName>]] [[-o=<type+args>] [--style=<style>,…]… [--to-file=<outputFile>]]
Description
To correctly set up a scan, you need to provide the assessment type Id or Name using the '--assessment-type' option. Since assessment types can be configured differently for each tenant, you can find the correct Id and Name using the 'fod release lsat' command. If you know the Id of the entitlement that you want to use, you can supply it with the '--entitlement-id' option. If not, and you supply both the '--assessment-type' and '--entitlement-frequency' options, the command will try to find an appropriate entitlement. If you do not specify '--technology-stack' and '--language-level' (if appropriate), the default value of 'AutoDetect' will be used. However, if you wish to specify them, you can use the 'fod rest lookup' command to find the values. For example, to list all the technology stacks you can use 'fod rest lookup TechnologyTypes', and for the language levels (if appropriate) you can use the 'Value' field returned by 'fod rest lookup LanguageLevels'. For example, for Java, which is typically value '7', you would use 'fod rest lookup LanguageLevels -q "group=='7'"'.
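The setup flow described above, as an added shell example for a CI job (not part of the fcli documentation): it validates the documented frequency values, pins an entitlement only when one is given, and adds '--skip-if-exists' so a pipeline rerun does not replace an existing setup. The function names, the DRY_RUN variable, and the sample values "MyApp:main" and "Static Assessment" are assumptions; take the real assessment type name from 'fod release lsat'.

```sh
#!/bin/sh
# Added example, not from the fcli documentation. Hypothetical names:
# sast_setup_args, run_setup, DRY_RUN, and the constructed sample values
# "MyApp:main" and "Static Assessment".

# Print the setup options one per line; return 2 on invalid input.
# usage: sast_setup_args <release> <assessment-type> <frequency> <audit-pref> [entitlement-id]
sast_setup_args() {
    rel=$1 atype=$2 freq=$3 audit=$4 ent=${5:-}
    if [ -z "$rel" ] || [ -z "$atype" ] || [ -z "$audit" ]; then
        echo "release, assessment type and audit preference are required" >&2
        return 2
    fi
    # The page documents exactly two entitlement frequency values.
    case $freq in
        SingleScan|Subscription) ;;
        *) echo "invalid frequency: '$freq'" >&2; return 2 ;;
    esac
    printf '%s\n' "--rel=$rel" "--assessment-type=$atype" \
        "--frequency=$freq" "--audit-preference=$audit"
    # Pin a known entitlement if given; otherwise fcli searches for one
    # using the assessment type and frequency.
    if [ -n "$ent" ]; then printf '%s\n' "--entitlement-id=$ent"; fi
    # A pipeline rerun must not replace an existing scan setup.
    # --technology-stack and --language-level are omitted: AutoDetect applies.
    printf '%s\n' "--skip-if-exists"
}

# Run the command, or only print it while DRY_RUN is 1 (the default here).
run_setup() {
    args=$(sast_setup_args "$@") || return 2
    # Option values may contain spaces, so split on newlines only.
    old_ifs=$IFS
    IFS='
'
    set -f; set -- $args; set +f
    IFS=$old_ifs
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'fcli fod sast-scan setup'; printf " '%s'" "$@"; printf '\n'
    else
        fcli fod sast-scan setup "$@"
    fi
}

run_setup "MyApp:main" "Static Assessment" Subscription Automated
```

Set DRY_RUN=0 in a job that has an active FoD session to execute the command instead of printing it.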
Options
- --assessment-type=<assessmentType>
  The assessment type to use; this can be the Id or the Name. Use 'fod release lsat' to find valid values.
- --audit-preference=<auditPreferenceType>
  Audit preference, e.g. Manual or Automated.
- --delim=<delimiter>
  Change the default delimiter character when using options that accept "application[:microservice]:release" as an argument or parameter.
- --entitlement-id=<entitlementId>
  Entitlement Id to use. If not specified, Entitlement Frequency and Assessment Type will be used to find one.
- --frequency, --entitlement-frequency=<entitlementFrequencyType>
  The entitlement frequency type to use. Valid values: SingleScan, Subscription.
- --include-third-party-libs
  (LEGACY) Indicates if third party libraries should be included.
- --language-level=<languageLevel>
  The language level of the technology stack (if needed).
- --oss
  Perform Open Source Analysis scan.
- --progress=<type>
  Configure progress output. Allowed values: auto, none, simple, stderr, single-line, ansi. Default value: auto. Proper output of single-line and ansi depends on console capabilities.
- --rel, --release=id|app[:ms]:rel
  Release id or <application>[:<microservice>]:<release> name.
- --skip-if-exists
  Skip setup if a scan has already been set up. If not specified, any existing scan setup will be replaced based on the given setup options.
- --technology-stack=<technologyStack>
  The technology stack of the application. Default value: Auto Detect.
- --use-aviator
  Use Fortify Aviator to audit results and provide enhanced remediation guidance.
- --use-source-control
  (LEGACY) Indicates if source control should be used.
FoD session name options
- --fod-session=<sessionName>
  Name of the FoD session to use for executing this command. Default value: default.
Output options (also see documentation link below)
- -o, --output=<type+args>
  Select output type (csv, table, expr, json, xml, yaml) and optional type arguments.
- --store=<var>[:<prop>]
  Store JSON results in an fcli variable for later reference.
- --style=<style>,…
  Select output style: header, no-header, pretty, no-pretty, flat, no-flat, array, single, border, no-border, md-border.
- --to-file=<outputFile>
  Write output to the specified file.
Generic fcli options (also see documentation link below)
- --debug
  Enable collection of debug logs.
- --env-prefix=<prefix>
  Prefix for resolving default option values. Default value: FCLI_DEFAULT.
- -h, --help
  Use 'fcli [command] -h' to display help for fcli (sub-)commands.
- --log-file=<logFile>
  Write log output to file. Default: ./fcli.log if logging is enabled.
- --log-level=<logLevel>
  Set logging level: TRACE, DEBUG, INFO, WARN, ERROR, NONE.
- --log-mask=<level>
  Log mask level: high, medium, low, none. Default: medium. Masking is done on a best-effort basis; no guarantee that all sensitive data will be masked.